On 17.02.2015 09:52, Pascal Hambourg wrote:
> richard lucassen wrote:
>> On Mon, 16 Feb 2015 00:08:41 +0100
>> Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote:
>>
>>>> On line 180 there is the "COMMIT" of the filter table.
>>> That sounds like expected behaviour. Where's the bug ?
>>
>> I'd say in iptables-restore. Apparently the -t (test) does not notice
>> that there is a problem while the real iptables-restore does.
>
> Sorry, my question was not clear enough. Let me rephrase.
>
> As -t does not commit the tables to the kernel, I do not expect it to
> detect errors related to the kernel configuration. So I do not see any
> bug in your description, it sounds like expected behaviour to me. Where
> do you see a bug in that behaviour ?

This should probably be mentioned in the man page. Most people would think
that if the ruleset passes a test with -t this means the ruleset can be
activated.

Which part specifically of the mentioned rule is it that cannot be tested
without the rule being committed in the kernel?

Regards,
Dennis
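Since, as discussed in this thread, `iptables-restore -t` commits nothing to the kernel and so cannot catch errors that only appear at COMMIT, one defensive pattern is to snapshot the running ruleset and roll back when the real load fails. The following is an added example, not part of the original messages; the function name `apply_ruleset` and the `IPT_SAVE` / `IPT_RESTORE` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. apply_ruleset, IPT_SAVE and IPT_RESTORE
# are names chosen for this example; point the two variables at
# ip6tables-save / ip6tables-restore for IPv6.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# apply_ruleset FILE
# Returns 0: loaded; 1: rejected by --test, kernel untouched;
#         2: real load failed, previous ruleset restored;
#         3: real load failed and the rollback failed as well;
#         4: could not snapshot the running ruleset, nothing changed.
apply_ruleset() {
    new=$1

    # Parse-only pass. Nothing is committed, so a pass here does not prove
    # that the kernel will accept the ruleset.
    "$IPT_RESTORE" --test < "$new" || return 1

    # Snapshot the running ruleset before touching it.
    backup=$(mktemp) || return 4
    if ! "$IPT_SAVE" > "$backup"; then
        rm -f "$backup"
        return 4
    fi

    # Real load. Errors that depend on the kernel only show up here.
    if "$IPT_RESTORE" < "$new"; then
        rm -f "$backup"
        return 0
    fi

    # A file can hold several tables; if a later COMMIT fails, earlier ones
    # may already have been replaced. Put the snapshot back.
    if "$IPT_RESTORE" < "$backup"; then
        rm -f "$backup"
        return 2
    fi
    echo "rollback failed; previous ruleset kept in $backup" >&2
    return 3
}
```

Return code 2 corresponds to the situation described in the thread: the file passed `-t` but the real load was refused.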